What is npm-scan


An Extensible, Heuristic-Based Vulnerability Scanning Tool for npm Packages

This is an extensible, heuristic-based vulnerability scanning tool designed for installed npm packages.

**WARNING:** npm-scan is currently in early development and should not be used in production environments. We are working on developing more accurate heuristics.

We are actively looking for new contributors who have ideas for additional heuristics, so please feel free to reach out to us! :) Another significant project you can contribute to is npm-zoo, where previously malicious packages are uploaded for research purposes. We need more examples to help us develop better heuristics.

**Quickstart:** To get started, run the following commands:

```
npm install https://github.com/spaceraccoon/npm-scan.git
npx npm-scan
```

**Usage:** To use the tool, you can execute:

```
npx npm-scan [options]
```

**Options:**

- `-V`, `--version` output the version number
- `-p`, `--packages-dir` set the directory path for packages; defaults to `node_modules`
- `-e`, `--exclude-heuristics` exclude a comma-separated list of heuristics
- `-o`, `--output` set the file path for JSON output
- `-v`, `--verbose` print more details for each package scan
- `-s`, `--strict` include low-risk heuristics
- `-h`, `--help` output usage information

**Developing:** To contribute to the development, follow these steps:

```
git clone https://github.com/spaceraccoon/npm-scan.git
npm link
npm run scan
npm run test
npm run lint
```

Make sure to push your changes on a separate branch. To add a new feature or improvement, please ensure you follow the contribution guidelines.
 
